4 matches found
Circle with Disney Backup API Command Injection Vulnerability(CVE-2017-2866)
Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...
CVE-2017-2866
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2017-2866
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2017-2866
CVE-2017-2866 (Circle with Disney) : Concrete details show an OS command injection in the backup API (/api/CONFIG/backup). The vulnerability arises when the attacker-controlled GET parameter appid is passed directly to system after assembling a shell command, allowing arbitrary command execution....